Create ValidateSession() to not have unwanted side effects when validating session

Jason Streifling 2025-01-19 20:10:51 +01:00
parent 7b04149a28
commit f99358729c
2 changed files with 22 additions and 14 deletions


@ -10,7 +10,7 @@ import (
func ServeImage(c *b.Config, s map[string]*f.Session) http.HandlerFunc { func ServeImage(c *b.Config, s map[string]*f.Session) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
if _, err := f.ManageSession(w, r, c, s); err != nil { if _, err := f.ValidateSession(w, r, c, s); err != nil {
if !tokenIsVerified(w, r, c) { if !tokenIsVerified(w, r, c) {
return return
} }


@ -64,31 +64,39 @@ func StartSessions() (map[string]*Session, chan string) {
return sessions, sessionExpiryChan return sessions, sessionExpiryChan
} }
// ManageSession is used for verifying that the user is logged in and returns // ValidateSession is used for verifying that the user is logged in and returns
// their session and an error. It also handles cases where the user is not // their session and an error.
// logged in. func ValidateSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) {
func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) {
tmpl, tmplErr := template.ParseFiles(filepath.Join(c.WebDir, "templates", "index.html"), filepath.Join(c.WebDir, "templates", "login.html"))
cookie, err := r.Cookie("cpolis_session") cookie, err := r.Cookie("cpolis_session")
if err != nil { if err != nil {
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
return nil, fmt.Errorf("error executing template: %v", err)
}
return nil, errors.New("no cookie set") return nil, errors.New("no cookie set")
} }
session, ok := s[cookie.Value] session, ok := s[cookie.Value]
if !ok { if !ok {
cookie.Expires = time.Now() return nil, errors.New("session does not exist")
http.SetCookie(w, cookie) }
return session, nil
}
// ManageSession is used for verifying that the user is logged in and returns
// their session and an error. It also handles cases where the user is not
// logged in.
func ManageSession(w http.ResponseWriter, r *http.Request, c *b.Config, s map[string]*Session) (*Session, error) {
session, err := ValidateSession(w, r, c, s)
if err != nil {
if session.cookie != nil {
session.cookie.Expires = time.Now()
http.SetCookie(w, session.cookie)
}
tmpl, tmplErr := template.ParseFiles(filepath.Join(c.WebDir, "templates", "index.html"), filepath.Join(c.WebDir, "templates", "login.html"))
if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil { if err = template.Must(tmpl, tmplErr).ExecuteTemplate(w, "page-content", nil); err != nil {
return nil, fmt.Errorf("error executing template: %v", err) return nil, fmt.Errorf("error executing template: %v", err)
} }
return nil, errors.New("session does not exist") return nil, err
} }
session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours)) session.cookie.Expires = time.Now().Add(time.Hour * time.Duration(c.CookieExpiryHours))
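Review bot: In the new `ManageSession`, the error branch dereferences `session` right after `ValidateSession` has returned it as `nil`: both failure paths of `ValidateSession` are `return nil, errors.New(...)`, so `if session.cookie != nil` panics on every request that has no cookie or an unknown session id, and neither the cookie expiry nor the login template is reached. The previous code expired the cookie taken from the request; the same can be kept with `if cookie, cErr := r.Cookie("cpolis_session"); cErr == nil {` followed by `cookie.Expires = time.Now()` and `http.SetCookie(w, cookie)`. `ValidateSession` also no longer uses `w` or `c`, so its doc comment could state that it writes nothing to the response, which is the property `ServeImage` relies on. The body of `ManageSession` continues past the end of this hunk.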